CONFIGURABLE PASSWORD MAINTENANCE

Background Of The Invention 
Field of the Invention 

[0001] This invention generally relates to password maintenance. More specifically,
the invention relates to a tool and to a method to maintain passwords for a plurality of 
applications. 

Background Art 

[0002] Many remotely accessible computer systems require user authentication. The
user, commonly operating a client system, must be registered with the remote system and 
must type in his or her user ID and a password for that remote system every time it is 
accessed. 

[0003] One problem presented by the need for user authentication is that if the user
accesses multiple remote systems, the user must remember numerous passwords and user IDs.
Many users confronted with this problem will often try to use the same password for each
remote system or write down a list of passwords.

[0004] Both of these makeshift solutions compromise security. If the same password
is used for each remote system, a system administrator of one remote system will be able to 
obtain passwords usable to access other remote systems. A written list of passwords is an 
obvious breach of security in that anyone with access to the list will be able to access any of 
the remote systems. 

[0005] Another problem with password protected access is that if a user's password
becomes, or may have become, known to others, it may be necessary for the user to change 
his or her password. This may be a time consuming or inconvenient task, especially if 
multiple passwords or multiple remote applications are involved.

[0006] The problem of authenticating a user to a plurality of remote systems has
become particularly apparent in light of the proliferation of limited access sites on the World 
Wide Web (WWW). Before accessing a site, the user is presented with an authentication 
form generated by his or her WWW browser requesting a user ID and password. The user 
must register separately with each such site and maintain multiple passwords. Furthermore, 
when navigating through the WWW, he or she is frequently interrupted by authentication 
messages requesting a user ID and password. 

Summary Of The Invention 
[0007] An object of this invention is to provide a tool for maintaining passwords 

[0008] Another object of the invention is to provide an application that allows a
person to define, in a secure way, a multitude of passwords as well as what actions they need 
to perform to initiate a password change. 

[0009] These and other objects are attained with a tool and method for maintaining
passwords. The tool comprises storage for a plurality of current passwords for a plurality of 
respective applications, and means for displaying a reminder to change one or more of said 
passwords. The tool further comprises a script for simulating keystroke entries, or running an 
executable program, to automatically perform a password change in said respective 
applications for said current passwords of said reminder. These applications may be, for 
example, workstation applications, legacy host applications, server applications, and 
networked applications. 

[0010] Further benefits and advantages of the invention will become apparent from a
consideration of the following detailed description, given with reference to the accompanying 
drawings, which specify and show preferred embodiments of the invention. 

Brief Description Of The Drawings 
[0011] Figure 1 illustrates an end-user computing environment in which the present
invention may be implemented.

[0012] Figure 2 shows a display of a typical array of passwords that may be managed
by the invention.

[0013] Figures 3-6 show screens that may be displayed in the implementation of this
invention.

Detailed Description Of The Preferred Embodiments 
[0014] Figure 1 illustrates an end-user computing environment with which the present
invention may be used. More specifically, Figure 1 shows a user computer or workstation 12, 
password management facility 14, and a plurality of icons representing remote applications. 
These icons, for example, represent applications on a legacy host system 16, applications 
available on server resources 20, applications available via a corporate intranet 22 or via the 
Internet 24, and applications that can be accessed via other remote resources 26. Figure 1 
also graphically represents, at 30, information that may be held in or used by facility 14. 

[0015] Generally, a person uses computer 12 to connect the computer to the remote
applications, and many of these applications require that the user provide a password in order 
to obtain access to the application. Management facility 14 is provided to hold those 
passwords and to hold executable script, or other code, that can be invoked or activated to 
change those passwords. 

[0016] More specifically, client 12 connects to a remote application by transmitting a
connection message. Upon receiving this message, the remote application, or more 
commonly a manager thereof, invokes a security process. This security process receives a 
user ID and a password combination from the connection message transmitted by the client. 
A valid user ID and, often, a user account are associated with a password, all of which have 
been previously established with the application manager. 

[0017] When the security process receives the user ID and password combination
transmitted by the client, the security process then determines whether the combination of the
user ID and password is valid. If the combination is valid, the security process returns a
message to the application manager indicating that the combination is valid, and the
application manager then permits the client to have access to the application.

[0018] From time to time, the password associated with a user ID may be, or may
need to be, changed. For instance, the security and password mechanisms of a remote 
application may occasionally require changing the password, or the client may want to change 
the password. 

[0019] With prior art systems, in order to make a password change, the client
transmits a change password message to a remote application or, more commonly, to the
manager thereof. This message may include not only a proposed new password, but also
additional information that is needed by the remote application to process the change request. 
After receiving this change password message, the application manager invokes the security 
process, which in turn invokes a change password routine. This routine, which may require 
that several criteria be met before a password can be changed, determines whether the 
password change is allowable. If that change is allowable, the security process effects that 
password change and transmits a message to the client indicating that this change has been 
made. 

[0020] These prior art routines for changing passwords can become time consuming
and inconvenient, especially if a client wants to change several passwords at the same time. 

[0021] The present invention addresses this issue by providing password management
facility 14 to manage passwords and password changes. Generally, facility 14 includes a list 
of passwords for associated, remote applications; and for each password, the facility includes 
script or code for changing the password. 

[0022] Preferably, facility 14 includes additional information about the passwords and
the associated applications. For example, and as represented in Figure 1, for each of a group of
applications, facility 14 may include a description of the application, a description of the
password type, the current and the previous passwords, the URL for the application,
executable code and parameters needed to change the password, and readable instructions for
changing the password.

[0023] To change one or more of the passwords listed in facility 14, the user accesses
that facility; and when this is done, a list of the passwords is displayed. This display may 
show additional information about the passwords and the related remote applications. For 
example, as illustrated in Figure 2, facility 14 may display a brief description of or reference 
to the remote applications, and a brief description of or reference to the procedure employed 
to change the password. 

[0024] Also, preferably, facility 14, when invoked, displays a graphical user interface
that, in turn, may be used to invoke or activate the script needed to change the passwords. 
For example, a button may be shown next to or adjacent to each password; and the client may 
invoke the script to change a particular password by moving a cursor or pointer onto the 
button and transmitting an input signal, such as by clicking a mouse connected to the client 
computer. Other procedures for invoking the script or code to change a password will be 
apparent to those skilled in the art and may be used in the practice of the invention. 

[0025] Various user prompts may also be displayed to obtain information from the
user when a script or code is invoked to change a password. For instance, these prompts may 
be used to get a new password from the user, or to obtain other data needed to change the 
password. 

[0026] Preferably, facility 14 itself is password protected, and, in addition, some or all
of the data stored in the facility may be encrypted. Thus, a user needs a specific password to 
obtain access to the facility, and the facility includes, or is otherwise used with, a manager 
application or security process to determine if a particular user is to be given access to the 
information and scripts in the facility. Also, facility 14 may have multiple levels or degrees 
of access, so that different users may have different degrees or types of access to the facility. 

[0027] Figures 3-6 show several screens that may be displayed in the implementation
of this invention. More specifically, Figure 3 shows a working view into the password
database. Each entry in the list shown in this screen represents a password document. Figure
4 illustrates a password document that defines a password and associated descriptive 
information. Figure 5 is a view of classes or types of passwords, and this view is used to 
create a new password. Figure 6 shows a password type definition document that describes a 
type of password and provides associated information. 

[0028] As indicated above, preferably scripts are used to effect the password changes.
Scripts are routines implemented in a scripting programming language such as PL/SQL, and 
scripts provide the functionality available in routines implemented in other standard 
languages. Script text represents computer instructions, and some of the text can embody 
criteria for passwords. 

[0029] The use of scripts facilitates the extension of the security and password
mechanisms. The criteria that proposed passwords must meet can be expanded. For
example, a script can embody criteria that require that the proposed password differ from the old
password by a given number of characters. A script can also embody complexity criteria,
such as requiring that a proposed password must contain a number of alphabetic characters, a 
number of numeric characters, and a number of punctuation characters. Because a script can 
operate on data from a table, security mechanisms can be expanded to include additional 
criteria based on data from, for example, user tables, user profile table, and user history 
tables. 
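
The criteria in this paragraph, written out as a runnable check. This is an added example in Python, not code from the patent or its Appendix A; the thresholds, the function names, and the reading of "differ by a given number of characters" as edit distance are assumptions.

```python
import string
from dataclasses import dataclass


@dataclass(frozen=True)
class Criteria:
    """Thresholds are illustrative values, not taken from the page."""
    min_alpha: int = 2      # alphabetic characters required
    min_digits: int = 1     # numeric characters required
    min_punct: int = 1      # punctuation characters required
    min_changed: int = 3    # characters by which new must differ from old


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: fewest single-character inserts, deletes or
    substitutions that turn a into b (assumed reading of 'differ by N')."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def check_password(proposed, old, history, criteria=Criteria()):
    """Return the names of the failed criteria; an empty list means accepted."""
    failures = []
    if sum(c.isalpha() for c in proposed) < criteria.min_alpha:
        failures.append("alphabetic")
    if sum(c.isdigit() for c in proposed) < criteria.min_digits:
        failures.append("numeric")
    if sum(c in string.punctuation for c in proposed) < criteria.min_punct:
        failures.append("punctuation")
    # A one-character tweak of the old password is rejected here.
    if edit_distance(proposed, old) < criteria.min_changed:
        failures.append("too_similar")
    # Criterion based on data from a history table, as the paragraph suggests.
    if proposed in history:
        failures.append("reused")
    return failures


# Constructed sample data, not from the page.
OLD = "Winter#2023"
HISTORY = ["Winter#2023", "Autumn!19"]

if __name__ == "__main__":
    for candidate in ("Winter#2024", "abcdefgh", "Autumn!19", "harbor7!Lamp"):
        print(candidate, check_password(candidate, OLD, HISTORY))
```
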

[0030] The scripts can also embody other criteria based on data from other tables or
databases. As an illustration, a criterion could be that users that connect to a database after a
certain time belong to a certain class of employees. Based on the user ID, the script could
query an employee table in another database to determine the class of the employee associated
with the user ID.

[0031] Appendix A lists source code that may be used to implement the present
invention.

[0032] While it is apparent that the invention herein disclosed is well calculated to
fulfill the objects stated above, it will be appreciated that numerous modifications and 
embodiments may be devised by those skilled in the art, and it is intended that the appended 
claims cover all such modifications and embodiments as fall within the true spirit and scope 
of the present invention.

APPENDIX A

UPDATE PASSWORD Main Agent:
Sub Initialize
    Dim workspace As New NotesUIWorkspace
    Dim session As New NotesSession
    Dim ThisDB As NotesDatabase
    Dim id As New notesname(session.username)
    Dim collection As NotesDocumentCollection
    Dim Doc As NotesDocument
    Dim current_dir As String
    Dim pw_doc As notesdocument

    ' get the new password
    Set ThisDB = session.CurrentDatabase
    Set pw_doc=ThisDB.createdocument
    If Not workspace.DialogBox("NewPassword_F",False,False,False,False,False,False,TTL001,pw_doc) _
    Then
        Exit Sub
    End If

    'process the documents
    Set collection = ThisDB.UnprocessedDocuments
    For i = 1 To collection.Count
        Set doc = collection.GetNthDocument(i)

        ' URL type: open the application's change-password page
        If (doc.PW_ChangeType(0) = "URL") _
        Then
            workspace.URLOpen doc.PW_ChangeURL(0)
        End If

        ' Manual type: nothing to launch
        If (doc.PW_ChangeType(0) = "Manual") _
        Then
        End If

        ' Executable type: run the configured program from its own directory.
        ' The command line comes from the password document, so anyone who
        ' can edit that document controls what is run here.
        If (doc.PW_ChangeType(0) = "Executable") _
        Then
            current_dir=Curdir
            If doc.PW_ChangeExecutablePath(0)<>"" _
            Then
                Chdir doc.PW_ChangeExecutablePath(0)
            End If
            Dim exe As Variant
            exe = Shell(doc.PW_ChangeExecutable(0))
            Chdir current_dir
        End If

        'update the password
        Call UpdatePassword(doc,pw_doc.NewPassword(0))
        doc.PW_Complete=doc.PW_CompletedWhenChanged(0)
        If workspace.DialogBox("ChangeInstructions_F",False,False,False,False,False,False,TTL002,doc) _
        Then
            If doc.PW_Complete(0)="Yes" _
            Then
                doc.PW_ChangeLast=Now
                Call CalculateDueDate(doc)
                Call AddHistory(doc,sys_substitute(MSG005,"id",id.abbreviated))
            End If
            Call doc.save(True,True)
        End If
    Next
End Sub

MARK COMPLETE Main Agent:
Sub Initialize
    Dim session As New NotesSession
    Dim id As New notesname(session.username)
    Dim collection As NotesDocumentCollection
    Dim Doc As NotesDocument

    'process the documents
    Set collection = session.currentdatabase.UnprocessedDocuments
    For i = 1 To collection.Count
        Set doc = collection.GetNthDocument(i)
        doc.PW_ChangeLast=Now
        doc.PW_Complete="Yes"
        Call CalculateDueDate(doc)
        Call AddHistory(doc,sys_substitute(MSG005,"id",id.abbreviated))
        Call doc.save(True,True)
    Next
End Sub

COPY TO CLIPBOARD Main Agent:
Sub Initialize
    ' put the selected documents on the clip board for inclusion in a note
    '**********
    Dim this_session As New notessession
    Dim these_docs As notesdocumentcollection
    Dim this_doc As notesdocument
    Dim data As String

    ' get the documents
    Set these_docs=this_session.currentdatabase.unprocesseddocuments

    'initialize
    Call ClearClipboard
    data=FormatLine("Type","Machine ID","User ID","Description","Password")
data=data+FormatLine(" 

«) 



II M 

II II 



'write the documents 

Set this_doc=these_docs.getfirstdocument 
While Not this_doc Is Nothing 

data=data+FormatLine(this_docPW_^ 

rID(0),this_doc.PW_Description(0),this_doc.PW_PasswordHistory(0)) 
Set this_doc=these_docs.getnextdocument(this_doc) 
Wend 

Call AddClipboardData(data) 
End Sub 

Function FormatLine(Byval ptype As String,Byval machineid As String, _
Byval userid As String,Byval description As String, _
Byval password As String) As String
    '**********
    ' format the data into a line for the clipboard
    ' (each column is padded or cut to a fixed width; the password comes last)
    Dim data As String
    data=Left(ptype+"          ",10)+" "
    data=data+Left(machineid+"               ",15)+" "
    data=data+Left(userid+"               ",15)+" "
    data=data+Left(description+"                              ",30)+" "
    data=data+password+Chr(13)+Chr(10)
    FormatLine=data
End Function

SCRIPT LIBRARY MODULES (used by agents above):

Function AddClipboardData(MyString As String) As Variant
    '**********
    ' place data on the clipboard
    ' (the text stays there, readable by other programs in the session,
    ' until the clipboard is cleared or overwritten)
    '**********
    Dim hGlobalMemory As Long
    Dim lpGlobalMemory As Long

    'Allocate moveable global memory.
    hGlobalMemory = GlobalAlloc(GHND, Len(MyString) + 1)

    'Lock the block to get a far pointer to this memory.
    lpGlobalMemory = GlobalLock(hGlobalMemory)

    'Copy the string to this global memory.
    lpGlobalMemory = lstrcpy(lpGlobalMemory, MyString)

    'Unlock the memory.
    If GlobalUnlock(hGlobalMemory) <> 0 _
    Then
        AddClipboardData=False
        Exit Function
    End If

    'Open the Clipboard to copy data to.
    If OpenClipboard(0&) = 0 _
    Then
        AddClipboardData=False
        Exit Function
    End If

    'Copy the data to the Clipboard.
    hClipMemory = SetClipboardData(CF_TEXT, hGlobalMemory)

    'close the clipboard
    If CloseClipboard() = 0 _
    Then
        AddClipboardData=False
    Else
        AddClipboardData=True
    End If
End Function

Function ClearClipboard As Variant
    '**********
    ' empty the content of the clipboard
    '**********

    ' Open the Clipboard to clear it
    If OpenClipboard(0&) = 0 _
    Then
        ClearClipboard=False
        Exit Function
    'empty it
    Elseif 0 = EmptyClipboard() _
    Then
        ClearClipboard=False
    Else
        ClearClipboard=True
    End If

    'now close the clipboard
    If CloseClipboard() = 0 _
    Then
        ClearClipboard=False
    End If
End Function

Sub CalculateDueDate(doc As notesdocument)
    '**********
    ' calculate the due date based on the last change date and duration
    ' (Datatype 7 is a date/time value)
    If 7=Datatype(doc.PW_ChangeLast(0)) And Isnumeric(doc.PW_ChangeDuration(0)) _
    Then
        doc.PW_ChangeDueDate=doc.PW_ChangeLast(0)+doc.PW_ChangeDuration(0)
        If Isnumeric(doc.PW_ChangeWarning(0)) _
        Then
            doc.PW_ChangeWarningDate=doc.PW_ChangeDueDate(0)-doc.PW_ChangeWarning(0)
        End If
    End If
End Sub

Sub UpdatePassword(doc As notesdocument,Byval password As String)
    '**********
    ' update the password
    '**********
    Dim this_session As New notessession
    Dim id As New notesname(this_session.username)
    Dim passwords() As String
    Dim size As Integer
    Dim count As Integer

    ' number of password versions to keep: 3 unless the document says otherwise
    size=3
    If 2=Datatype(doc.PW_VersionsToSave(0)) _
    Then
        If 0<doc.PW_VersionsToSave(0) _
        Then
            size=doc.PW_VersionsToSave(0)
        End If
    End If

    ' move the passwords to the next increment and add the new one
    Redim passwords(size-1)
    passwords(0)=password
    For count=0 To size-2
        If count<=Ubound(doc.PW_PasswordHistory) _
        Then
            passwords(count+1)=doc.PW_PasswordHistory(count)
        End If
    Next
    doc.PW_PasswordHistory=passwords

    ' add to the history
    Call AddHistory(doc,sys_substitute(MSG003,"id",id.abbreviated))
End Sub

Sub AddHistory(doc As notesdocument,Byval description As String)
    '**********
    ' add to the document history
    '**********
    Dim history() As String
    Dim size As Integer
    Dim count As Integer

    If doc.PW_History(0)="" _
    Then
        'create a new item
        Redim history(0)
    Else
        'get the current history
        size=Ubound(doc.PW_History)
        Redim history(size)
        For count=0 To size
            history(count)=doc.PW_History(count)
        Next
        size=size+1

        'add the new history to the top
        Redim Preserve history(size)
        For count=size To 1 Step -1
            history(count)=history(count-1)
        Next
    End If

    'place the new history value
    history(0)=Now & " " & description
    doc.PW_History=history
End Sub

Function Sys_Substitute(Byval data As String, Byval var As String, _
Byval value As String) As String
    '**********
    ' substitute a value for %var%
    ' (note: the loop does not end if value itself contains %var%)
    '**********
    Dim pos As Integer
    Dim size As Integer

    'prepare the var name
    var = "%" + Ucase(var) + "%"
    size = Len(var)

    'repeatedly replace the var
    pos = Instr(Ucase(data), var)
    Do While pos <> 0
        data = Left$(data, pos - 1) + value + Mid$(data, pos + size)
        pos = Instr(Ucase(data), var)
    Loop

    Sys_Substitute = data
End Function

Function Sys_ParseString(Byval inline As String, Byval delimiter As String) _
As String
    '**********
    ' parse a string at the delimiter
    ' (the unparsed remainder is kept between calls; pass "" to continue)
    '**********
    Static data As String
    Dim pos As Integer

    'initialize the data
    If inline<>"" _
    Then data = inline

    'find the location of the delimiter
    pos = Instr(data, delimiter)

    'parse off the word
    If pos = 0 Or delimiter = "" _
    Then
        Sys_ParseString = data
        data = ""
    Else
        Sys_ParseString = Left$(data, pos - 1)
        data = Trim$(Mid$(data, pos + Len(delimiter)))
    End If
End Function

Function Sys_Pad(Byval data As String,Byval size As Integer) As String
    '**********
    ' pad data out to size width
    '**********
    Sys_Pad=Left(data+String(size," "),size)
End Function

Function next_ini_line(Byval file As Integer, section As String) As String
    '**********
    ' read an ini file until the next data line
    '**********
    Dim this_line As String

read_new_line:
    'exit if file is done
    If Eof(file) _
    Then
        next_ini_line = ""
        Exit Function
    End If

    'read the next record
    Line Input #file, this_line
    this_line = Trim(this_line)

    ' read the next line if empty
    If 0 = Len(this_line) _
    Then
        Goto read_new_line
    End If

    'read the next line if this is a comment
    If ";" = Left(this_line, 1) _
    Then
        Goto read_new_line
    End If

    ' set a new section
    If "[" = Left(this_line, 1) _
    Then
        section = Ucase(Mid$(this_line, 2, Len(this_line) - 2))
        Goto read_new_line
    End If

    next_ini_line = this_line
End Function

Sub parse_ini_line(Byval fileline As String, var As String, value As String)
    '**********
    ' parse the var=value into its pieces
    '**********
    Dim pos As Long

    pos = Instr(fileline, "=")
    If pos = 0 _
    Then
        var = fileline
        value = ""
    Else
        var = Left$(fileline, pos - 1)
        value = Mid$(fileline, pos + 1)
    End If

    var = Trim$(var)
    value = Trim$(value)
    var = Ucase(var)
End Sub

Function Sys_ParseCSV(record As String) As String
    '**********
    ' parse off the next comma delimited value
    '**********
    Dim value As String
    Dim qstring As String

    value=Sys_ParseString(record,",")
    qstring=Trim(value)
    If Left(qstring,1)=|"| _
    Then
        If Right(qstring,1)=|"| _
        Then
            value=Mid(qstring,2,Len(qstring)-2)
        Else
            value=Mid(qstring,2)+","+Sys_ParseString("",|"|)
            Call Sys_ParseString("",",")
        End If
    End If

    Sys_ParseCSV=value
End Function